2242 matches found
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2662)
The remote host is missing an update for the Huawei EulerOS...
CVE-2024-48234
The CVE-2024-48234 issue affects mipjz 5.0.5. In the push method of app\tag\controller ApiAdminTag.php, the postAddress parameter is not validated and is passed directly to curl_exec, enabling server-side request forgery (SSRF) that can read server files. Red Hat and NVD entries confirm the same ...
CVE-2024-10327
A vulnerability in Okta Verify for iOS versions 9.25.1 beta and 9.27.0 including beta allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects...
CVE-2024-10327
CVE-2024-10327 affects Okta Verify for iOS 9.25.1 (beta)–9.27.0 (including beta). The vulnerability allows push notification responses via the iOS ContextExtension to authenticate regardless of user choice, across scenarios: locked-screen replies, home-screen drag-and-reply, and Apple Watch repli...
PT-2024-16190
Name of the Vulnerable Software and Affected Versions: Okta Verify for iOS versions 9.25.1 beta through 9.27.0 including beta. Description: A vulnerability in Okta Verify for iOS allows push notification responses through the iOS ContextExtension feature, enabling authentication to proceed regardles...
OESA-2024-2267 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete /...
U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign
Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks. "Since October 2023, Iranian actors have used brute force and passwor...
CVE-2024-10070
A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function actionPolicyPush of the file /com/esafenet/policy/action/PolicyPushControlAction.java. The manipulation of the argument policyId leads to sql injection. It is possible to initiate the attack remotel...
CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...
PT-2024-39475 · Sendpulse · Sendpulse Free Web Push
Name of the Vulnerable Software and Affected Versions: SendPulse Free Web Push plugin for WordPress versions up to, and including, 1.3.6. Description: The issue is related to Stored Cross-Site Scripting due to the incorrect use of the wp_kses_allowed_html function. This allows unauthenticated...
EsafeNet CDG SQL Injection Vulnerability
EsafeNet CDG is a document security management system from EsafeNet. EsafeNet CDG V5 version has a SQL injection vulnerability, which originates from the parameter policyId in the file /com/esafenet/policy/action/PolicyPushControlAction.java, which can lead to SQL injection...
WordPress SendPulse Free Web Push plugin <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin SendPulse Free Web Push versions <= 1.3.6...
WordPress SendPulse Free Web Push Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)
Software: SendPulse Free Web Push; Type: Plugin; Vulnerable versions: <= 1.3.6; Fixed in: 1.3.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9184; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 54dee5d0997d; Credits: Francesco...
GHSA-R7M4-F9H5-GR79 Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks
Impact: Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory. Patches: https://github.com/jetty/jetty.project/pull/9715 https://github.com/jetty/jetty.project/pull/9716 Workarounds: The session usage is intrinsic to the...
DEBIAN-CVE-2024-6762
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory...
PT-2024-30909 · Martin Gibson · Ideapush
Name of the Vulnerable Software and Affected Versions: IdeaPush versions through 8.66 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in Martin Gibson IdeaPush. Recommendations: Fo...
[SECURITY] Fedora 41 Update: znc-push-2.0.0-10.20210311git4243934.fc41
ZNC Push is a module for ZNC that will send notifications to multiple push notification services, or SMS for any private message or channel highlight that matches a configurable set of conditions...